How the FTX Thieves Have Tried to Launder Their $400 Million Haul


Because the legal trial of FTX founder Sam Bankman-Fried unfolds in a Manhattan courtroom, some observers within the cryptocurrency world have been watching a distinct FTX-related crime in progress: The still-unidentified thieves who stole more than $400 million out of FTX on the same day that the exchange declared bankruptcy have, after 9 months of silence, been busy transferring these funds throughout blockchains in an obvious try to money out their loot whereas overlaying their tracks. Blockchain watchers nonetheless hope that cash path may assist to determine the perpetrators of the heist—and reply the looming query of whether or not somebody with insider data of FTX was concerned.

In the present day, cryptocurrency tracing agency Elliptic launched a brand new report on the complicated path these stolen funds have taken over the 11 months since they had been pulled out of FTX on November 11 of final yr. Elliptic’s tracing exhibits how that nine-figure sum, which FTX places at between $415 million and $432 million, has since moved via an extended checklist of crypto companies because the thieves try to arrange it for laundering and liquidation, and even via one service owned by FTX itself. However these a whole bunch of tens of millions additionally sat idle for all of 2023—solely to start to maneuver once more this month, in some circumstances as Bankman-Fried himself sat in court docket, elevating new and unanswered questions concerning the thieves’ identities and plans.

“The funds mainly did not transfer for 9 months, after which a few days earlier than the trial begins, they begin to transfer once more,” says Tom Robison, Elliptic’s cofounder and chief scientist. “Why did they’ve to maneuver the funds now? It does not actually make sense to begin laundering funds on the time when there’s a lot consideration on the sufferer of the hack.”

Apart from that unusual timing, Elliptic says the FTX thieves have largely taken steps typical for the perpetrators of large-scale crypto heists because the culprits sought to safe the funds, swap them for extra simply laundered cash, after which funnel them via cryptocurrency “mixing” companies to realize that laundering. The vast majority of the stolen funds, Elliptic says, had been stablecoins that, in contrast to different types of cryptocurrency, could be frozen by their issuer within the case of theft. In truth, the stablecoin issuer Tether moved shortly to freeze $31 million of the stolen cash in response to the FTX heist. So the thieves instantly started exchanging the remainder of these stablecoins for different crypto tokens on decentralized exchanges like Uniswap and PancakeSwap—which haven’t got the know-your-customer necessities that centralized exchanges do, partly as a result of they do not enable exchanges for fiat foreign money.

Within the days that adopted, Elliptic says, the thieves started a multi-step course of to transform the tokens they’d traded for the stablecoins into cryptocurrencies that will be simpler to launder. They used “cross-chain bridge” companies that enable cryptocurrencies to be exchanged from one blockchain to a different, buying and selling their tokens on the bridges Multichain and Wormhole to transform them to Ethereum. By the third day after the theft, the thieves held a single Ethereum account value $306 million, down about $100 million from their preliminary complete as a result of Tether seizure and the price of their trades.

From there, the thieves seem to have centered on exchanging their Ethereum for Bitcoin, which is usually simpler to feed into “mixing” companies that supply to mix a person’s bitcoins with these of different customers to forestall blockchain-based tracing. On November 20, 9 days after the theft, they traded a few quarter of their Ethereum holdings for Bitcoin on a bridge service known as RenBridge—a service that was, mockingly, itself owned by FTX. “Sure, it’s fairly superb, actually, that the proceeds of a hack had been mainly being laundered via a service owned by the sufferer of the hack,” says Elliptic’s Robison.

Source link